WEB APPLICATION VULNERABILITIES Standard & Premium

TYPO3 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2013-1842)

Description

SQL injection vulnerability in the Extbase Framework in TYPO3 4.5.x before 4.5.24, 4.6.x before 4.6.17, 4.7.x before 4.7.9, and 6.0.x before 6.0.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to "the Query Object Model and relation values."

Remediation

References

Related Vulnerabilities

WordPress Plugin Pym.js Embeds Cross-Site Scripting (1.3.2)

WordPress Plugin Backup and Restore WordPress-WPBackItUp Cross-Site Request Forgery (1.6.7)

WordPress Plugin Side Cart Woocommerce (Ajax) Cross-Site Request Forgery (2.0)

WordPress Plugin EWWW Image Optimizer Denial of Service (6.0.1)

OpenSSL NULL Pointer Dereference Vulnerability (CVE-2009-1386)

Severity

High

Classification

CVE-2013-1842 CWE-138

Tags

Missing Update Known Vulnerabilities